In this recipe, we will configure a login page for a new portal.
To complete this task, we need to have some knowledge of the following technologies:
- Servlets/JSPs
- JAAS
- GateIn, as many Java products use JAAS for authentication management, JSPs for the login forms, and servlets for operations such as login, logout, remind me, change password, and so on.
- In the
web.xmlof the main GateIn web application, add the code:<login-config> <auth-method>FORM</auth-method> <realm-name>gatein-domain</realm-name> <form-login-config> <form-login-page>/initiatelogin</form-login-page> <form-error-page>/errorlogin</form-error-page> </form-login-config> </login-config> - Add a JSP inside the portal root with this path:
login ---jsp -----login.jsp
A simple login.jsp can be written using the default JAAS variables as:
<form method="POST" action="j_security_check"> Login:<input type="text" name="j_username"><br/> Password:<input type="password" name="j_password"><br/> <input type submit="Login"/> </form>
The web container will search the current JAAS module and will know where to redirect the log in action.
This authentication system is implemented through an HTML form connected to the domain, gatein-domain, and two paths for the login page and error page that reference the internal servlets, org.exoplatform.web.login.InitiateLoginServlet and org.exoplatform.web.login.ErrorLoginServlet. These servlets call a controller, the WCI Controller, which by default reads the pages inside the login/jsp directory.
A more complete login.jsp page can be seen in the main portal under the path seen above, so we will not explore the details.
Instead of the j_security_check, we can use a custom action in the form provided by the eXo team that calls the servlet org.exoplatform.web.security.PortalLoginController. It adds the feature for the "remember me". Here is an example of the configuration of the servlet in the web.xml file:
<servlet>
<servlet-name>PortalLoginController</servlet-name>
<servlet-class>org.exoplatform.web.security.PortalLoginController</servlet-class>
</servlet>
…
<servlet-mapping>
<servlet-name>PortalLoginController</servlet-name>
<url-pattern>/login</url-pattern>
</servlet-mapping>Here is an example of login.jsp using this servlet:
<form name="loginForm" action="<%= request.getContextPath()+ "/login"%>" method="post" style="margin: 0px;"> … add the jaas fields seen before for the username and password <input type="checkbox" name="rememberme" value="true"/> </form>